CVE-2024-52528

Source
https://cve.org/CVERecord?id=CVE-2024-52528
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52528.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52528
Aliases
  • GHSA-jqx6-gm7f-vp7m
Published
2024-11-15T16:21:56.073Z
Modified
2026-04-10T05:16:30.639027Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Auth token can be passed as a dummy or wrong value and the middleware response is 200 OK
Details

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.

Database specific
{
    "cwe_ids": [
        "CWE-285"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52528.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/budgetcontrol/gateway

Affected ranges

Type
GIT
Repo
https://github.com/budgetcontrol/gateway
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.5.2"
        }
    ]
}

Affected versions

v0.*
v0.1
v0.2
v1.*
v1.0
v1.1
v1.2
v1.3.1
v1.4.0
v1.4.1
v1.5.0
v1.5.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52528.json"